IACR paper details

A secure group signature is required to be anonymous, that is,
given two group signatures generated by two different members on
the same message or two group signatures generated by the same
member on two different messages, they are indistinguishable
except for the group manager. In this paper we prove the
equivalence of a group signature's anonymity and its
indistinguishability against chosen ciphertext attacks if we view
a group signature as an encryption of member identity.
Particularly, we prove ACJT's group signature is IND-CCA2 secure,
so ACJT's scheme is anonymous in the strong sense. The result is
an answer to an open question in literature.